> New U.S. e-Passports contain a 64 kbit RFID chip with personal information about the passport holder.

After reading last night's [slashdot.org] thread, I suppose encoding ~250 copies of the string "Kip Hawley is an idiot. Michael Chertoff is also an idiot" into an off-the-shelf 64kbit chip, putting the chip in a small wad of gum, and then swallowing the gum, is no longer an option.

There is the ever present theory that wrapping something in tinfoil will prevent RFID communications from working. Does anyone know if this is true or has been tested? If it works, just wrap your passports in tinfoil.

Yahma
--
BLASTProxy.com [blastproxy.com] - A public anonymous proxy server that allows you to bypass firewall restrictions at home and work and surf safely.

I have a passport case and will be sure to line it with mu-metal (not just aluminum foil) when I get a new passport in a few years. I'm sure that similar things will be up for sale. Indeed, if there's a manufacturer out there who wants to work on this, and knows sewing better than technology, write to bruce at perens dot com.

I guess this is something that not everybody understands yet. Of course you'd take the passport out of the case when there's a legitimate occassion to read it, like going through immigration security at some country (which I do a few times a month). The problem is that people can read it while it's in your pocket, with the right equipment, wherever you go, all the time, hundreds of times per day. And having it in a mu-metal case when you do not expect it to be read would be a good security practice. Is that more clear?

I have no problem with RFID in the passport, as long as it is implemented in an intelligent manner. I don't see it as any more of an invasion of privacy than the personal photo and address information, and also the log of my recent travels.

I plan on having an aluminum foil carrying case for my RFID passport, when I get one, so it can't be read without being opened. Recently I saw a link to a company that makes wallets with a metal foil already embedded in the leather, so RFID chips can't be scanned remotely. The also sell a foil insert that goes in the bill area. I acn't remember the name though -- I thought it was a wordplay with 'wallet' and 'magnet', perhaps the word 'envelope'?

The only thing I don't want is an RFID implant. You might wear a farraday armband, but the whole idea reminds me too much of Jews getting serial numbers tatooed shortly before they were shipped into the death camps.

Has anyone actually tried to take an aluminum foil wrapped anything through airport security? I assume that would look suspicious to anyone, i.e. why the hell is it in foil, is it a bomb, etc. Did you get harassed at all? I actually just got a passport and am travelling far, far away, so I *could* try it...

Is there any way to energize an unshielded card from more than, say, 5 feet away, or is the danger primarily from people with readers brushing up against you for a reading?

Sure, all that possible. If you leave your passport open(closing it completes the faraday cage in the cover). Of course, people can also read all the data on your passport whenever they open it using this ancient technology called "eyes". And if you want to extend their range, you just have to get a few "lenses" and you can see it a good ways away!

Come on slashdot-folks I expected better than all these comments about tin-foil hats.

It's bad enought that I have to put up with this any time I talk to any non-techie about the fact that I work for an RFID company and no I am not evil and do not wish to track their every move and alert someone that they are using the bathroom too much.

--Now for the Facts--

There are two main categories for RFID systems on the market today. These are near field systems thatemploy **inductive coupling** of the transponder tag or Smart Label to the reactive energy circulating around the reader antenna, and far field systems that couple to the real power contained in free space propagating electromagnetic plane waves.

The passports are (repeat after me) *inductive* which means that they are activated by a magnetic field which is amplified by that metal loop you see to provide power to read the memory on the chip. The claims that someone could build a reader to read your tag from even 10 or 20 feet away is ridiculous. It would require the creation of such a big magnetic field that it would probably zap all magnetic material (such as hard drives, floppy discs, usb keys) that I am sure someone would notice. Also in order to read the reflection of the magnetic field which is what determines the response (RFID works like an echo you yell at something and wait for the echo to figure out what the id is) you would need such a big receiver (note this is still for 10 - 20 feet only) that you would literally look like someone out of the verizon commercial.

I know us techies are generally oblivious to the outside world but I think if you saw someone like this within 10 feet you should generally notice. Also you should run because that magnetic energy will probably fry your nads among with other crucial body parts you may never use (sorry couldn't resist).

The only real danger is that some hot woman with an rfid reader decides to bump into you and just happen to place her hand where your passport is. If you foresee that happening a lot then I suggest you get a tin-foil cover. However if that happens to you a lot then you are probably not on slashdot and reading this anyways.

Sorry but I am a little sick and tired of hearing about all these security concerns by people who don't know how these systems actually work. Can you tell?

"Sorry but I am a little sick and tired of hearing about all these security concerns by people who don't know how these systems actually work. Can you tell?"

Sorry, but I am a little sick and tired about hearing about how there are no security concerns from the people who don't care about anything but selling their products to a government that wants more control over its people. Do you care?

Is there any way to energize an unshielded card from more than, say, 5 feet away, or is the danger primarily from people with readers brushing up against you for a reading?

The issues seem to be the following:
1) RFID chips are activated by the EM energy delivered from the reader.
2) When closed, the passports in question are contained in a complete farraday cage, blocking any EM radiation from passing between the inside and outside of the passport.
3) When open, the regular rules of electromagnetic radiation hold true (inverse square law?). You need exponentially more radiation to power the passport each time you double the distance away you are.
4) Devices with a 3V, 1A power supply are designed to read the cards at a distance of 3" (numbers pulled from my head; might not be 100% accurate). Using napkin mathematics, assuming a similar sized antenna, at 6", you would need 9V, and at 1' you would need 81V. At 2' you would need roughly 6.5kV. At 4' you would need roughly 43mV. This is to activate the chip, not to read it.
5) Reading an already activated chip with a passively receiving device would be much simpler; it could easily be done from 10' away with a 3V power supply and a larger antenna.

So, according to my flawed calculations: nobody is going to be reading a closed passport, only people with a pretty large generator are going to be activating and reading a passport from anywhere further away than a few inches, and anyone in line of sight (and some not in line of sight) could be reading your passport as it is simultaneously being read by official readers.

Good points. However, there are two issues with electronic passports:1) Someone can still read it remotely, and get access to all kinds of personally identifying information. Yes, you have to get close, but it still is quite possible. Ever seen pickpockets at work? They manage to *remove* your wallet without you noticing it. Considering the potential damage that can result from someone getting their hands on your passport, I'd rather not make it easier for people to access them.

2) You don't know what's on your passport. Yes, there are commercial RFID readers out there. Yes, you can probably buy one. Yes, you might even get it to work properly. But at what cost? Besides, is there any encrypted information on there? I'm sure the friendly US government won't give you access to the data on it. As for the dangers of what's on there... it will basically work like a permanent tag that people will trust completely. Just as an example of how easy it is to screw with these things, my current passport is a replacement for a lost one. However, some nitwit in database entry decided to mark my current passport as lost. Which means that everytime I enter the country, I get to sit for 45 minutes in the special triage section of customs and immigration. And it can't be fixed either - I asked several times.

In short, there is little benefit for me, but a whole lot of risk. I most likely will just fry my RFID chip when I get my new passport.